<?php
session_start();
include('db_config.php');
if (isset($_POST['user_id']) && isset($_POST['password'])){
	$link = mysql_connect($db_host, $db_user, $db_password);
	mysql_select_db ($db_name);
	$UID = mysql_real_escape_string($_POST['user_id']);
	$PASSWD = mysql_real_escape_string($_POST['password']);
	$query = "SELECT * FROM admin WHERE user_id = '$UID' AND password = '$PASSWD'";
	$result = mysql_query($query) or die("Query failed due to: " . mysql_error());
	$row = mysql_fetch_assoc($result);
	if (!(empty($row))) {
		$_SESSION["valid"] = "true";
		$_SESSION['uid'] = $UID;
		if ($row['id'] == 1){
			$_SESSION['super_admin'] = true;
			header("Location: ./mpanel.php");
			exit;
		}
		else {
			header("Location: ./panel.php");
			exit;
		}
	}
}
header("Location: ./admin.php?error=login");
exit;
?>